Weave v2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Weave v2.zip
Size

1.4MB
MD5

652700dbedd64364a0010bbb412f90d9
SHA1

c11e9686e98500b693a5e27824bf3620b1b44da7
SHA256

33a8e1680a7115741716d2c15ac072388fee655c26760e93dd4429bccc9944bc
SHA512

80d1f384cb5377a8ed9f47797be804340d85fbee6336931b225d6a69db72680b8cf225ea96fb44179fc4470965a7f54e01a775758c9286ea2196b3c07b59cbc1
SSDEEP

24576:dX9ox8mVhNxjPrmOKoiHjzctZsDYDhtDRA+5N0h4E5ySJhQA0dtbfW19z9myy:Z0VhNVm6iHjzct6DYDPGm/E51JhWi19Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Weave v2.dll

Files

Weave v2.zip
.zip
Weave v2.dll
.dll windows:6 windows x86 arch:x86

75b2c5044058fbb248a13bfb083a0d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
FreeLibraryAndExitThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcpyA
VirtualProtect
GetProcAddress
GlobalFree
VirtualAlloc
VirtualFree
VirtualQuery
CloseHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
GetFileAttributesA
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetModuleFileNameA
FindClose
FindFirstFileA
FindNextFileA
GetFullPathNameA
CreateDirectoryW
GetVolumeInformationA
GetComputerNameA
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateDirectoryA
ResumeThread
GetModuleHandleA
InitializeSListHead

user32

LoadCursorA
ClientToScreen
SetWindowLongA
FindWindowA
OpenClipboard
CloseClipboard
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
CallWindowProcA
IsChild
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
ScreenToClient

shell32

ShellExecuteA
SHGetFolderPathW
SHGetFolderPathA

msvcp140

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setf@ios_base@std@@QAEHHH@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?id@?$ctype@D@std@@2V0locale@2@A
_Mtx_init_in_situ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
??7ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

d3dx9_43

D3DXCreateTextureFromFileInMemory

winmm

PlaySoundA

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

xinput1_3

ord4
ord2

vcruntime140

__CxxFrameHandler3
strstr
longjmp
_setjmp3
memcmp
_except_handler4_common
__std_type_info_destroy_list
strrchr
_purecall
memcpy
memmove
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
strchr

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
abort
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_wassert
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

wcslen
strcpy_s
toupper
strncpy
strcmp
strcpy
strcat
_stricmp
strncmp
strlen

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_aligned_malloc
_aligned_free
realloc
free

api-ms-win-crt-math-l1-1-0

_dsign
trunc
log2
acos
cbrt
sqrt
pow
fabs
tan
log10
log
fmod
exp
atan2
atan
_dclass
ceil
fmaxf
cos
asin
_isnan
_finite
modf
_dtest
floor
sin

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsscanf
fwrite
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
fgetc
fgetpos
fseek
fread
fputc
fsetpos
fflush
fclose
_wfopen
fopen
ftell
_fseeki64
setvbuf
ungetc
_get_stream_buffer_pointers

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-time-l1-1-0

clock
_time64
_ctime64

api-ms-win-crt-convert-l1-1-0

atoi
atof
strtol
atoll
_itoa_s
strtoul

api-ms-win-crt-filesystem-l1-1-0

_wremove
_lock_file
remove
_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 417KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75b2c5044058fbb248a13bfb083a0d34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

d3dx9_43

winmm

imm32

xinput1_3

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 361KB - Virtual size: 360KB

.data Size: 417KB - Virtual size: 455KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 361KB - Virtual size: 360KB

.data
Size: 417KB - Virtual size: 455KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 67KB - Virtual size: 67KB